
Centralize your logs with logstash (getting started guide)

Submitted by ygerasimov on Mon, 01/12/2015 - 14:51

Logstash is a great tool for centralizing logs in your environment. For example, we have several Drupal webheads that write logs to syslog. It would be really nice to see those logs in one central place, to check on the system's health and debug potential problems.

In this article I would like to show how easy it is to start using Logstash for local development.

inputs -- where we grab logs from. This can be files on the local file system, records of a database table, Redis and many more.

codecs -- the way you serialize/unserialize your data. Think of it as running a JSON decode when you read records, or a JSON encode when you save a log message.

filters -- instruments to select the particular log records we want to process. Example -- syslog has many records, but we want to extract only the Drupal-related ones.

outputs -- where we pass our processed log records. It can be a file (multiple different formats), stdout or, most interesting, Elasticsearch.
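The four parts above map directly onto the sections of a Logstash pipeline configuration file. The following is an added example, not taken from the original article; it assumes Drupal's syslog module logs to /var/log/syslog with the identity "drupal", and that the user running Logstash is allowed to read that file.

```logstash
# drupal.conf -- illustrative pipeline (file name and paths are assumptions)

input {
  # input: tail the local syslog file
  file {
    path => "/var/log/syslog"
    # read the existing content too, not only lines appended after startup
    start_position => "beginning"
  }
}

filter {
  # filter: syslog carries records from every service on the host;
  # discard everything that does not mention the Drupal identity
  if [message] !~ /drupal/ {
    drop { }
  }
}

output {
  # output + codec: print each surviving event to the console,
  # serialized by the rubydebug codec so every field is visible
  stdout {
    codec => rubydebug
  }
}
```

Run it with `bin/logstash -f drupal.conf`. Once the events look right on stdout, the output section is the only part that has to change to ship them to a central store.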

The tricky part comes when you need to install Elasticsearch to store your logs and Kibana to view them. There is a very nice shortcut for development purposes -- use an already built Docker image for that.